Data Security Standards: Key Regulations & Best Practices

Understanding the global standard for data protection

By focusing on the latest trends and developments, DataGuard Insights equips professionals with the information they need to navigate the complexities of their field, ensuring they stay informed and ahead of the curve. Violation of the Family Educational Rights and Privacy Act (FERPA) can lead to loss of federal funding, legal penalties and damage to an institution's reputation, which underlines how important it is to safeguard student data privacy. The Gramm-Leach-Bliley Act (GLBA) is a US law that protects consumers' personal financial information held by financial institutions. Data breaches are rising, and managing standards such as PCI DSS, GDPR and HIPAA can feel overwhelming. The European Commission issued guidance on the application of EU data protection law in the electoral context in September 2018, and guidance on apps supporting the fight against the COVID-19 pandemic in relation to data protection in April 2020.

Due diligence must be undertaken to ensure that the person identifying as the parent is an identifiable adult, and that a lawful guardian has been appointed by a court or competent authority under Indian guardianship law. The SPDI Rules apply to the collection and processing of personal information, meaning any information that, directly or indirectly, in combination with other information available or likely to be available to a body corporate, is capable of identifying a person. The distinction between personal information and sensitive personal data or information (SPDI) matters because the SPDI Rules impose different requirements and obligations on body corporates for the two categories. As data protection regulations continue to evolve, staying informed and adapting to new requirements will be an ongoing challenge for businesses.

  • Conformity with ISO/IEC 27001 means that an organization has put in place a system to manage risks related to the security of data it owns or handles, and that this system respects the best practices and principles set out in the standard.
  • The Draft DPDP Rules also propose that such cross-border transfers would be subject to requirements specified by the government, through general or special orders, for making such data available to foreign states or to entities under the control of such states.
  • However, it is generally recommended for all businesses to follow data security best practices to protect their sensitive data.
  • They are intended to be a ‘dynamic’ source of information and will be updated as new questions arise.
  • The committee will submit its final recommendations to the relevant Ministry, pursuant to which the designated officer will issue the blocking orders.

Some of these standards are mandatory, while others are voluntary and recommended as best practices. The California Consumer Privacy Act (CCPA) is a state statute that enhances privacy rights and consumer protection for California residents. It also factors data sensitivity levels into alert prioritization, so you can protect what matters most, when it matters most.

However, in the past, the government has been critical of access to information by certain countries and has taken steps to block such access. For instance, in 2020 the government blocked certain mobile applications upon receiving reports about “stealing and surreptitiously transmitting users’ data in an unauthorised manner to servers which have locations outside India”. Similar concerns had also been raised by the Indian Cyber Crime Coordination Centre of the Ministry of Home Affairs. Accordingly, the government decided to block the apps in the interest of the sovereignty, integrity, defence and security of India. Foreign entities are prohibited from generating geospatial data or maps at a scale finer than the threshold value specified in the Geospatial Guidelines.


The government can, however, notify purposes and classes of Data Fiduciaries that are exempted, subject to conditions it prescribes, from the restriction on tracking or behavioural monitoring of children and on targeted advertising directed at children. Orders issued by the Adjudicating Officer (AO) for contravention of the SPDI Rules are infrequent, and concern negligence in implementing and maintaining reasonable security practices and procedures that causes wrongful loss or wrongful gain to any person. According to the publicly available orders, AOs have awarded compensation ranging from INR 50,000 to INR 1.3 crore (approximately USD 575 to USD 150,000). These cases largely involved telecoms service providers, banks and other financial institutions.

Who needs ISO/IEC 27001?

To be certified as compliant with data protection law, there must be a standard against which an organisation can be audited, so that a clear finding can be made that the organisation does or does not comply. A data protection standard therefore enables organisations to become GDPR certified or data protection certified. Once you have determined the lawful basis for your data processing, you need to document that basis and inform the data subject (transparency).

This lets you and your team prioritize and remediate issues in real time, keeping your website secure and compliant. Discover why security automation is key to achieving and maintaining NIS2 compliance, reducing risk and streamlining regulatory requirements. DataGuard Insights provides expert analysis and practical advice on security and compliance issues facing IT, marketing and legal professionals across a range of industries and organisations. It acts as a central hub for understanding the intricacies of the regulatory landscape, providing insights that help executives make informed decisions.

Significant Data Fiduciaries (SDFs) are a category of Data Fiduciary that the government will notify, based on its assessment of the factors listed in the DPDP Act. The Draft DPDP Rules require SDFs to undertake audits and Data Protection Impact Assessments (DPIAs) annually, and to submit a report on these activities to the Data Protection Board of India (DPB). SDFs must also exercise due diligence to verify that any "algorithmic software" they deploy for personal data processing does not pose risks to Data Principals' rights. The government can specify personal data sets and traffic data that cannot be transferred outside India, based on the recommendations of a committee constituted by the government; in effect, this is a data localisation requirement for SDFs. Verifiable consent of a parent or lawful guardian must be obtained before processing the personal data of a child or of a person with a disability. Under the Draft DPDP Rules, appropriate technical and organisational measures must be adopted to ensure that the parent's verifiable consent is obtained before a child's personal data is processed.

All of these standards underscore the importance of robust security measures that protect personal data from unauthorized access, disclosure, alteration and destruction. Organizations are expected to adopt measures commensurate with the sensitivity and volume of the data they handle. Drawing a line around "data security" regulation is difficult, because most regulations that touch digital systems involve at least some degree of data security.

The SPDI Rules are outdated and are due to be overhauled by dedicated data protection legislation, the Digital Personal Data Protection Act, 2023 (the DPDP Act, referred to here as the "upcoming law"), which was enacted in August 2023 but, at the time of writing, had not yet been brought into force. The General Data Protection Law (LGPD) is Brazil's data protection regulation, which came into effect in 2020. Like the GDPR, the LGPD aims to unify data protection rules within Brazil and applies to any business or organization that processes the personal data of individuals in Brazil, regardless of where the organization is based. Data security standards are critical tools for data protection, ensuring stakeholder trust and legal compliance.
